Skip to main content

Onlyoffice Desktopeditors

1 CVEs product

Monthly

CVE-2026-41030 MEDIUM PATCH This Month

ONLYOFFICE DesktopEditors versions before 9.3.0 allow local attackers to perform arbitrary file operations with SYSTEM privileges via the update service, resulting in denial of service through resource exhaustion or file manipulation. The vulnerability requires local access and operates without user interaction, making it a significant privilege-escalation risk in multi-user or compromised-account scenarios.

Information Disclosure Onlyoffice Desktopeditors
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

ONLYOFFICE DesktopEditors versions before 9.3.0 allow local attackers to perform arbitrary file operations with SYSTEM privileges via the update service, resulting in denial of service through resource exhaustion or file manipulation. The vulnerability requires local access and operates without user interaction, making it a significant privilege-escalation risk in multi-user or compromised-account scenarios.

Information Disclosure Onlyoffice Desktopeditors
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy